From 06f3f9c0b1d383829ef3c9b91665069fc75d4575 Mon Sep 17 00:00:00 2001
From: Martin Najemi <martin@najemi.cz>
Date: Fri, 20 Feb 2026 14:17:35 +0100
Subject: [PATCH] fix: Detect export const/let declarations in entrypoint taint
 checking

Risk: low
---
 CHANGELOG.md                |  6 +++++
 VERSION                     |  2 +-
 internal/tsparse/tsparse.go | 44 ++++++++++++++++++++++++++++---------
 3 files changed, 41 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1fdd7b3..cfef018 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.15.2] - 2026-02-20
+
+### Fixed
+- Fix `export const`/`export let` declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. `export const allScenarios = [...]`) to be invisible during entrypoint taint checking
+
 ## [0.15.1] - 2026-02-17
 
 ### Changed
@@ -187,6 +192,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Multi-stage Docker build
 - Automated vendor upgrade workflow
 
+[0.15.2]: https://github.com/gooddata/gooddata-goodchanges/compare/v0.15.1...v0.15.2
 [0.15.1]: https://github.com/gooddata/gooddata-goodchanges/compare/v0.15.0...v0.15.1
 [0.15.0]: https://github.com/gooddata/gooddata-goodchanges/compare/v0.14.2...v0.15.0
 [0.14.2]: https://github.com/gooddata/gooddata-goodchanges/compare/v0.14.1...v0.14.2
diff --git a/VERSION b/VERSION
index 8076af5..a12760e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.15.1
\ No newline at end of file
+0.15.2
\ No newline at end of file
diff --git a/internal/tsparse/tsparse.go b/internal/tsparse/tsparse.go
index 3d0dbb5..45f5aa7 100644
--- a/internal/tsparse/tsparse.go
+++ b/internal/tsparse/tsparse.go
@@ -210,17 +210,41 @@ func extractExports(stmt *ast.Node, analysis *FileAnalysis) {
 
 	default:
 		if ast.HasSyntacticModifier(stmt, ast.ModifierFlagsExport) {
-			name := getDeclName(stmt)
-			if name != "" {
-				isDefault := ast.HasSyntacticModifier(stmt, ast.ModifierFlagsDefault)
-				exportName := name
-				if isDefault {
-					exportName = "default"
+			isDefault := ast.HasSyntacticModifier(stmt, ast.ModifierFlagsDefault)
+
+			// VariableStatement has no Name() — iterate into declarations
+			if stmt.Kind == ast.KindVariableStatement {
+				vs := stmt.AsVariableStatement()
+				if vs.DeclarationList != nil {
+					dl := vs.DeclarationList.AsVariableDeclarationList()
+					if dl.Declarations != nil {
+						for _, decl := range dl.Declarations.Nodes {
+							name := getDeclName(decl)
+							if name != "" {
+								exportName := name
+								if isDefault {
+									exportName = "default"
+								}
+								analysis.Exports = append(analysis.Exports, Export{
+									Name:      exportName,
+									LocalName: name,
+								})
+							}
+						}
+					}
+				}
+			} else {
+				name := getDeclName(stmt)
+				if name != "" {
+					exportName := name
+					if isDefault {
+						exportName = "default"
+					}
+					analysis.Exports = append(analysis.Exports, Export{
+						Name:      exportName,
+						LocalName: name,
+					})
 				}
-				analysis.Exports = append(analysis.Exports, Export{
-					Name:      exportName,
-					LocalName: name,
-				})
 			}
 		}
 	}